From b50917fe2c1d3d45cde79ddaf3afa0c29154db0f Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Tue, 2 Oct 2018 09:16:34 +0100
Subject: [PATCH] Fix non-root reconfiguration with ceph enabled

Various ceph-related tasks were missing a 'become' that would allow them
to work as a non-root user. This seems to only cause a problem after an
initial deployment, perhaps due to the recursive ownership & permissions
changes at the end of the ceph.yml and external_ceph.yml files.

This change adds the necessary becomes.

Change-Id: I887c7b3bdef49db1dd1bf9e5bdbf5dc47b7f41af
Closes-Bug: #1795125
---
 ansible/roles/glance/tasks/ceph.yml           | 3 +++
 ansible/roles/glance/tasks/external_ceph.yml  | 4 +++-
 ansible/roles/gnocchi/tasks/ceph.yml          | 3 +++
 ansible/roles/gnocchi/tasks/external_ceph.yml | 3 +++
 ansible/roles/manila/tasks/ceph.yml           | 1 +
 ansible/roles/manila/tasks/external_ceph.yml  | 1 +
 ansible/roles/nova/tasks/ceph.yml             | 5 +++++
 ansible/roles/nova/tasks/external_ceph.yml    | 5 +++++
 8 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/glance/tasks/ceph.yml b/ansible/roles/glance/tasks/ceph.yml
index 614069c545..04ff51af3e 100644
--- a/ansible/roles/glance/tasks/ceph.yml
+++ b/ansible/roles/glance/tasks/ceph.yml
@@ -4,6 +4,7 @@
     path: "{{ node_config_directory }}/glance-api"
     state: "directory"
     mode: "0770"
+  become: true
   when: inventory_hostname in groups['glance-api']
 
 - name: Copying over ceph.conf(s)
@@ -14,6 +15,7 @@
       - "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
     dest: "{{ node_config_directory }}/glance-api/ceph.conf"
     mode: "0660"
+  become: true
   when: inventory_hostname in groups['glance-api']
 
 - include_tasks: ../../ceph_pools.yml
@@ -40,6 +42,7 @@
           key = {{ cephx_key.keyring.key }}
     dest: "{{ node_config_directory }}/glance-api/ceph.client.glance.keyring"
     mode: "0600"
+  become: true
   when: inventory_hostname in groups['glance-api']
 
 - name: Ensuring config directory has correct owner and permission
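Review bot: The keyring task in this hunk renders `{{ cephx_key.keyring.key }}` into `ceph.client.glance.keyring` but shows no `no_log`, so the key may appear in task output, for example when the play runs in diff mode. The task starts above the hunk, so this may already be set there; if not, add `no_log: true` next to the new `become: true`. The same applies to the gnocchi and nova keyring tasks in their ceph.yml files. It also applies to the two libvirt `.base64` secret tasks in the nova role, where the looped `item` appears to carry the secret value and would be echoed per item.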
diff --git a/ansible/roles/glance/tasks/external_ceph.yml b/ansible/roles/glance/tasks/external_ceph.yml
index ce8960ec95..513e063508 100644
--- a/ansible/roles/glance/tasks/external_ceph.yml
+++ b/ansible/roles/glance/tasks/external_ceph.yml
@@ -4,6 +4,7 @@
     path: "{{ node_config_directory }}/glance-api"
     state: "directory"
     mode: "0770"
+  become: true
   when: inventory_hostname in groups['glance-api']
 
 - name: Copy over ceph files
@@ -11,6 +12,7 @@
     src: "{{ item }}"
     dest: "{{ node_config_directory }}/glance-api/"
     mode: "0660"
+  become: true
   when: inventory_hostname in groups['glance-api']
   with_fileglob:
     - "{{ node_custom_config }}/glance/ceph*"
@@ -18,12 +20,12 @@
     - Restart glance-api container
 
 - name: Ensuring config directory has correct owner and permission
-  become: true
   file:
     path: "{{ node_config_directory }}/{{ item }}"
     recurse: yes
     owner: "{{ config_owner_user }}"
     group: "{{ config_owner_group }}"
+  become: true
   when: inventory_hostname in groups['glance-api']
   with_items:
     - "glance-api"
diff --git a/ansible/roles/gnocchi/tasks/ceph.yml b/ansible/roles/gnocchi/tasks/ceph.yml
index 3ae3aee140..d6bed838e3 100644
--- a/ansible/roles/gnocchi/tasks/ceph.yml
+++ b/ansible/roles/gnocchi/tasks/ceph.yml
@@ -3,6 +3,7 @@
   file:
     path: "{{ node_config_directory }}/{{ item }}"
     state: "directory"
+  become: true
   when: inventory_hostname in groups[item]
   with_items:
     - "gnocchi-api"
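Review bot: The directory task in this hunk sets no `mode`, while the equivalent tasks in the glance and nova roles set `mode: "0770"`. Now that it runs with `become: true`, a newly created directory gets whatever the privileged user's umask yields until any later ownership/permission task runs. Adding `mode: "0770"` under `state: "directory"` would make the result explicit. The directory tasks in gnocchi/tasks/external_ceph.yml and in both manila files have the same gap, and the ceph.conf task in the next hunk of this file appears to lack a `mode` as well (glance and nova use `"0660"`).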
@@ -16,6 +17,7 @@
       - "{{ node_custom_config }}/ceph.conf"
       - "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
     dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
+  become: true
   when: inventory_hostname in groups[item]
   with_items:
     - "gnocchi-api"
@@ -46,6 +48,7 @@
           key = {{ cephx_key.keyring.key }}
     dest: "{{ node_config_directory }}/{{ item }}/ceph.client.gnocchi.keyring"
     mode: "0600"
+  become: true
   when: inventory_hostname in groups[item]
   with_items:
     - "gnocchi-api"
diff --git a/ansible/roles/gnocchi/tasks/external_ceph.yml b/ansible/roles/gnocchi/tasks/external_ceph.yml
index 32c797d3d9..e3bf801ad0 100644
--- a/ansible/roles/gnocchi/tasks/external_ceph.yml
+++ b/ansible/roles/gnocchi/tasks/external_ceph.yml
@@ -3,6 +3,7 @@
   file:
     path: "{{ node_config_directory }}/{{ item }}"
     state: "directory"
+  become: true
   when: inventory_hostname in groups[item]
   with_items:
     - "gnocchi-api"
@@ -13,6 +14,7 @@
   template:
     src: "{{ node_custom_config }}/gnocchi/ceph.conf"
     dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
+  become: true
   when: inventory_hostname in groups[item]
   with_items:
     - "gnocchi-api"
@@ -27,6 +29,7 @@
   copy:
     src: "{{ node_custom_config }}/gnocchi/ceph.client.gnocchi.keyring"
     dest: "{{ node_config_directory }}/{{ item }}/ceph.client.gnocchi.keyring"
+  become: true
   when: inventory_hostname in groups[item]
   with_items:
     - "gnocchi-api"
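Review bot: The keyring copy in this hunk sets no `mode`, so with `become: true` a new `ceph.client.gnocchi.keyring` is created with umask-derived permissions, which commonly leaves it readable by other local users. gnocchi/tasks/ceph.yml writes the same file with `mode: "0600"`; add `mode: "0600"` under `dest:` here as well. The ceph.conf template task in the previous hunk of this file also has no `mode`.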
diff --git a/ansible/roles/manila/tasks/ceph.yml b/ansible/roles/manila/tasks/ceph.yml
index e0a3fe51f1..2cbc0b343c 100644
--- a/ansible/roles/manila/tasks/ceph.yml
+++ b/ansible/roles/manila/tasks/ceph.yml
@@ -3,6 +3,7 @@
   file:
     path: "{{ node_config_directory }}/manila-share"
     state: "directory"
+  become: true
 
 - name: Copying over ceph.conf for manila
   merge_configs:
diff --git a/ansible/roles/manila/tasks/external_ceph.yml b/ansible/roles/manila/tasks/external_ceph.yml
index 1793380a22..10b89d4204 100644
--- a/ansible/roles/manila/tasks/external_ceph.yml
+++ b/ansible/roles/manila/tasks/external_ceph.yml
@@ -3,6 +3,7 @@
   file:
     path: "{{ node_config_directory }}/manila-share"
     state: "directory"
+  become: true
   when:
     - inventory_hostname in groups['manila-share']
 
diff --git a/ansible/roles/nova/tasks/ceph.yml b/ansible/roles/nova/tasks/ceph.yml
index 2799784259..ec3122b352 100644
--- a/ansible/roles/nova/tasks/ceph.yml
+++ b/ansible/roles/nova/tasks/ceph.yml
@@ -4,6 +4,7 @@
     path: "{{ node_config_directory }}/{{ item }}"
     state: "directory"
     mode: "0770"
+  become: true
   with_items:
     - "nova-compute"
     - "nova-libvirt/secrets"
@@ -19,6 +20,7 @@
       - "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf"
     dest: "{{ node_config_directory }}/{{ item }}/ceph.conf"
     mode: "0660"
+  become: true
   with_items:
     - "nova-compute"
     - "nova-libvirt"
@@ -58,6 +60,7 @@
           key = {{ nova_cephx_key.keyring.key }}
     dest: "{{ node_config_directory }}/nova-compute/ceph.client.nova.keyring"
     mode: "0600"
+  become: true
   when: inventory_hostname in groups['compute']
 
 - name: Pushing secrets xml for libvirt
@@ -65,6 +68,7 @@
     src: "secret.xml.j2"
     dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml"
     mode: "0600"
+  become: true
   when:
     - inventory_hostname in groups['compute']
     - item.enabled | bool
@@ -81,6 +85,7 @@
     content: "{{ item.content }}"
     dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
     mode: "0600"
+  become: true
   when:
     - inventory_hostname in groups['compute']
     - item.enabled | bool
diff --git a/ansible/roles/nova/tasks/external_ceph.yml b/ansible/roles/nova/tasks/external_ceph.yml
index f1425348e6..93950f621e 100644
--- a/ansible/roles/nova/tasks/external_ceph.yml
+++ b/ansible/roles/nova/tasks/external_ceph.yml
@@ -4,6 +4,7 @@
     path: "{{ node_config_directory }}/{{ item }}"
     state: "directory"
     mode: "0770"
+  become: true
   with_items:
     - "nova-compute"
     - "nova-libvirt/secrets"
@@ -33,6 +34,7 @@
     src: "{{ nova_cephx_keyring_file.stat.path }}"
     dest: "{{ node_config_directory }}/{{ item }}/"
     mode: "0660"
+  become: true
   with_items:
     - nova-compute
     - nova-libvirt
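Review bot: The file copied in this hunk gets `mode: "0660"`, whereas nova/tasks/ceph.yml writes `ceph.client.nova.keyring` with `mode: "0600"`. The source here is `nova_cephx_keyring_file.stat.path`, which looks like the same kind of secret, so unless group access is required, `mode: "0600"` would match the internal-ceph path. The task begins above the hunk, so its name and module are not visible here.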
@@ -49,6 +51,7 @@
     src: "{{ node_custom_config }}/nova/ceph.conf"
     dest: "{{ node_config_directory }}/{{ item }}/"
     mode: "0660"
+  become: true
   with_items:
     - nova-compute
     - nova-libvirt
@@ -64,6 +67,7 @@
     src: "secret.xml.j2"
     dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.xml"
     mode: "0600"
+  become: true
   when:
     - inventory_hostname in groups['compute']
     - item.enabled | bool
@@ -98,6 +102,7 @@
     content: "{{ item.result.stdout }}"
     dest: "{{ node_config_directory }}/nova-libvirt/secrets/{{ item.uuid }}.base64"
     mode: "0600"
+  become: true
   when:
     - inventory_hostname in groups['compute']
     - item.enabled | bool